Software Integrity

Up to 900 million Android phones vulnerable to Qualcomm flaw

Four major security holes have been disclosed affecting the Qualcomm chips in several recent, popular mobile phones.

Dubbed “Quadrooter” by researchers at Checkpoint, the quartet of flaws are in the chip firmware. The flaws could allow potential attackers to “trigger privilege escalations for the purpose of gaining root access to a device.” Once an attacker gains root privileges, malware wouldn’t require special permissions, and could execute without raising user’s suspicions.

Qualcomm makes chips for about 65 percent share of the Android market. Three of the four holes have already been patched. A patch for the fourth is forthcoming.

Qualcomm said in a statement to Ars Technica: “Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies. We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open-source community between April and July. The patches were also posted on CodeAurora. QTI continues to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities.”